SQL injection vulnerability allowing login bypass
Description
This lab contains an SQL injection vulnerability in the login function.
Reproduction and proof of concept
SQL:
SELECT * FROM users WHERE username = 'administrator' AND password = '' OR 1=1 --
Use Burp Suite to intercept and modify the login request.
Modify the username parameter, giving it the value:
administrator'--
Or modify it in the URL:
Exploitability
An attacker needs to perform an SQL injection attack that logs in to the application as the administrator user.